Files changed:

- ...iki-platform-oldcore/src/main/java/com/xpn/xwiki/user/impl/xwiki/MyFormAuthenticator.java (4 changes: 3 additions & 1 deletion)
- xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/web/XWikiAction.java (6 changes: 6 additions & 0 deletions)
- ...orm-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/web/XWikiServletResponse.java (20 changes: 20 additions & 0 deletions)
- xwiki-platform-core/xwiki-platform-url/xwiki-platform-url-api/pom.xml (4 changes: 1 addition & 3 deletions)
- ...iki-platform-url/xwiki-platform-url-api/src/main/java/org/xwiki/url/URLConfiguration.java (30 changes: 30 additions & 0 deletions)
- ...url/internal/DefaultURLConfiguration.java → ...url/internal/DefaultURLConfiguration.java (15 changes: 15 additions & 0 deletions)
XWIKI-10309: Check URL domains based on a whitelist (#1592)

Introduce a new property for listing the trusted domains and API to check a URL against that list and the aliases used in subwikis.

* Add new property url.trustedDomains in xwiki.properties
* Add new API in URLConfiguration to retrieve this configuration value
* Create a new URLSecurityManager responsible to check if a URL can be trusted based on this property and on the subwikis configurations
* Introduce a new listener to invalidate the cache of URLSecurityManager whenever a XWikiServerClass xobject is added/updated/deleted
* Move URL API implementations to URL default module
* Add a new property url.enableTrustedDomains as a global switch off the checks on domains to avoid breaking behaviours on existing instances
* Add a constant property in URLSecurityManager to be set in ExecutionContext to allow temporary switch off the check for extensions
* Use both those switches in DefaultURLSecurityManager to prevent performing the check when needed
Showing 40 changed files with 640 additions and 9 deletions.
...i-platform-url/xwiki-platform-url-api/src/main/java/org/xwiki/url/URLSecurityManager.java (56 changes: 56 additions & 0 deletions)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| /* | ||
| * See the NOTICE file distributed with this work for additional | ||
| * information regarding copyright ownership. | ||
| * | ||
| * This is free software; you can redistribute it and/or modify it | ||
| * under the terms of the GNU Lesser General Public License as | ||
| * published by the Free Software Foundation; either version 2.1 of | ||
| * the License, or (at your option) any later version. | ||
| * | ||
| * This software is distributed in the hope that it will be useful, | ||
| * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
| * Lesser General Public License for more details. | ||
| * | ||
| * You should have received a copy of the GNU Lesser General Public | ||
| * License along with this software; if not, write to the Free | ||
| * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA | ||
| * 02110-1301 USA, or see the FSF site: http://www.fsf.org. | ||
| */ | ||
| package org.xwiki.url; | ||
|
|
||
| import java.net.URL; | ||
|
|
||
| import org.xwiki.component.annotation.Role; | ||
| import org.xwiki.stability.Unstable; | ||
|
|
||
| /** | ||
| * Dedicated component to perform security checks on URLs. | ||
| * | ||
| * @version $Id$ | ||
| * @since 13.3RC1 | ||
| * @since 12.10.7 | ||
| */ | ||
| @Role | ||
| @Unstable | ||
| public interface URLSecurityManager | ||
| { | ||
| /** | ||
| * Constant to be used in {@link org.xwiki.context.ExecutionContext} with the value {@code "true"} to bypass a | ||
| * check of {@link #isDomainTrusted(URL)}. | ||
| */ | ||
| String BYPASS_DOMAIN_SECURITY_CHECK_CONTEXT_PROPERTY = "bypassDomainSecurityCheck"; | ||
|
|
||
| /** | ||
| * Check if the given {@link URL} can be trusted based on the trusted domains of the wiki. | ||
| * This method check on both the list of trusted domains given by the configuration | ||
| * (see {@link URLConfiguration#getTrustedDomains()}) and the list of aliases used by the wiki descriptors. | ||
| * Note that this method always returns {@code true} if {@link URLConfiguration#isTrustedDomainsEnabled()} returns | ||
| * {@code true}. Also the method will return {@code true} whenever the {@link org.xwiki.context.ExecutionContext} | ||
| * contains a property named {@link #BYPASS_DOMAIN_SECURITY_CHECK_CONTEXT_PROPERTY} with the value {@code "true"}. | ||
| * | ||
| * @param urlToCheck the URL for which we want to know if the domain is trusted or not. | ||
| * @return {@code true} if the URL domain can be trusted or if the check is skipped, {@code false} otherwise | ||
| */ | ||
| boolean isDomainTrusted(URL urlToCheck); | ||
| } |
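Review bot: the Javadoc on isDomainTrusted(URL) states the opposite of what the commit message says about the global switch: "this method always returns {@code true} if {@link URLConfiguration#isTrustedDomainsEnabled()} returns {@code true}" should read "returns {@code false}", since url.enableTrustedDomains is described as the switch that turns the domain check off, and a reader of the API would otherwise conclude the check is a no-op precisely when it is enabled. Two smaller points in the same block: "This method check on both the list" should be "This method checks both the list", and the BYPASS_DOMAIN_SECURITY_CHECK_CONTEXT_PROPERTY Javadoc deserves a sentence on scope, because once any code writes "bypassDomainSecurityCheck" = "true" into the ExecutionContext every later call to isDomainTrusted in that context is skipped; callers should set it immediately around the one trusted call and remove it in a finally block, which the Javadoc could say explicitly.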
xwiki-platform-core/xwiki-platform-url/xwiki-platform-url-default/pom.xml (63 changes: 63 additions & 0 deletions)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,63 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
|
|
||
| <!-- | ||
| * See the NOTICE file distributed with this work for additional | ||
| * information regarding copyright ownership. | ||
| * | ||
| * This is free software; you can redistribute it and/or modify it | ||
| * under the terms of the GNU Lesser General Public License as | ||
| * published by the Free Software Foundation; either version 2.1 of | ||
| * the License, or (at your option) any later version. | ||
| * | ||
| * This software is distributed in the hope that it will be useful, | ||
| * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
| * Lesser General Public License for more details. | ||
| * | ||
| * You should have received a copy of the GNU Lesser General Public | ||
| * License along with this software; if not, write to the Free | ||
| * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA | ||
| * 02110-1301 USA, or see the FSF site: http://www.fsf.org. | ||
| --> | ||
|
|
||
| <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> | ||
| <modelVersion>4.0.0</modelVersion> | ||
| <parent> | ||
| <groupId>org.xwiki.platform</groupId> | ||
| <artifactId>xwiki-platform-url</artifactId> | ||
| <version>13.3-SNAPSHOT</version> | ||
| </parent> | ||
| <artifactId>xwiki-platform-url-default</artifactId> | ||
| <name>XWiki Platform - URL - Default</name> | ||
| <packaging>jar</packaging> | ||
| <description>Default implementations of the API defined in xwiki-platform-url-api</description> | ||
| <properties> | ||
| <!-- The reason for this low TPC value is because this module is tested using integration tests in the various | ||
| URL Scheme modules --> | ||
| <xwiki.jacoco.instructionRatio>0.31</xwiki.jacoco.instructionRatio> | ||
| </properties> | ||
| <dependencies> | ||
| <dependency> | ||
| <groupId>org.xwiki.platform</groupId> | ||
| <artifactId>xwiki-platform-url-api</artifactId> | ||
| <version>${project.version}</version> | ||
| </dependency> | ||
| <dependency> | ||
| <groupId>org.xwiki.platform</groupId> | ||
| <artifactId>xwiki-platform-oldcore</artifactId> | ||
| <version>${project.version}</version> | ||
| </dependency> | ||
| <dependency> | ||
| <groupId>org.xwiki.platform</groupId> | ||
| <artifactId>xwiki-platform-wiki-api</artifactId> | ||
| <version>${project.version}</version> | ||
| </dependency> | ||
| <!-- Testing Dependencies --> | ||
| <dependency> | ||
| <groupId>org.xwiki.commons</groupId> | ||
| <artifactId>xwiki-commons-tool-test-component</artifactId> | ||
| <version>${commons.version}</version> | ||
| <scope>test</scope> | ||
| </dependency> | ||
| </dependencies> | ||
| </project> |
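Review bot: the xwiki.jacoco.instructionRatio of 0.31 is justified by the comment that this module is only covered by integration tests in the URL scheme modules, but per the commit message this module now also hosts DefaultURLSecurityManager, the component that decides whether a URL's domain is trusted; that logic (the url.trustedDomains list, subwiki aliases, the two bypass switches and the cache invalidation) is exactly what should be unit-tested here, and the xwiki-commons-tool-test-component test dependency is already declared, so consider adding those tests and raising the ratio rather than inheriting the low threshold. Also, the new dependency on xwiki-platform-oldcore pulls the whole legacy core into the default URL module; if it is needed only for XWikiServerClass / wiki descriptor access, a comment next to the dependency saying so would help future cleanup.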
File renamed without changes.